Near field connection establishment

ABSTRACT

Disclosed is an apparatus capable of hosting a secure module. The apparatus comprises a communication unit capable of near field communications, and a control unit configured to co-operate with the secure module. The control unit is further configured to detect a radio frequency field and, in response to the detection of the radio frequency field, to pass, to the secure module, control of establishing a near field connection through the communication unit. Also disclosed is a secure module, comprising a control unit configured to assume control of establishing a near field connection, wherein the control unit is further configured to provide, in the course of the near field connection establishment, a set of capabilities comprising near field communication capabilities of the secure module and near field communication capabilities of an apparatus hosting the secure module.

RELATED APPLICATION

This application was originally filed as PCT Application No.PCT/FI2006/050404 filed Sep. 20, 2006.

FIELD OF THE INVENTION

The present invention generally relates to communication systems and useof near field communication.

BACKGROUND OF THE INVENTION

Near field communication (NFC) is a communication technology thatoperates in short distances (for example in distances below tens ofcentimeters). Information may be transferred for example over RFID(radio-frequency identification) protocols. Usually, one of the partiesin near field communications is a passive device, such as a card or atag, and the other one is an active device, such as an RFID reader or amobile phone with an integrated RFID circuitry. Also NFC communicationbetween two active devices is possible.

A mobile phone with NFC capabilities and an incorporated secure modulecapable of holding sensitive information such as credit card data mayact both as a passive RFID device and as an active RFID reader. For suchmobile phone there are various use cases. First, users may wish to readand write information from passive RFID tags (browser shortcuts,business cards, etc.), that is, to interact with external passivedevices. Secondly, the secure smartcard module hosted in the mobilephone may function as a passive RFID device itself for example forticketing and payment applications. Thirdly, the mobile phone may act asan active device interacting with another active RFID device such asanother mobile phone in peer-to-peer type of communications. That is, inthe second and the third case the mobile phone interacts with externalactive device.

The dual nature of the usage of the NFC technology in mobile phones,when interacting with external active devices, causes a problem that onemust know, which functionality to expose to external parties, which arewilling to communicate with the mobile phone.

One approach to solving this situation is to always start near fieldcommunications using the MCU (Microcontroller Unit) software of themobile phone (that is, the part of the mobile phone that may act as anactive communication party) and, when it is found out that the otherparty actually wishes to communicate with the secure module (that is,the part of the mobile phone that may act as a passive communicationparty), the communication is handed over to the secure module. Thisapproach causes two major problems. Firstly, when initiatingcommunications, an external RFID reader wishing to communicate with asecure module first sees a certain device that does not look like astandard secure module it expects to see. Some readers might getconfused with this and, for example, display an error message in a userinterface, although the correct target (secure module) does appear inthe field right after the mobile phone switches it on (after noticingthat the communication is actually directed to the secure module).Secondly, the handover of communications to the secure module forces thehandshake phase of the protocol to be redone, which may take asubstantial amount of time—substantial enough to make it impossible topass certain strict compliancy tests related to some paymentapplications for example.

Another approach is to always start near field communications with thesecure module. However, in this case, the MCU software does not havecontrol over the handshake process and thereby cannot make the mobilephone to initially appear as nothing else than a passive card. Thusexternal devices that might want to communicate with the MCU softwaremay interpret the situation such that communication with the MCUsoftware is not possible.

Previously, the former approach has been taken. The drawbacks have beenthere however. Thus, near field communication establishment may stillrequire further considerations.

SUMMARY

According to a first aspect of the invention there is provided anapparatus capable of hosting a secure module, the apparatus comprising

-   a communication unit capable of near field communications, and-   a control unit configured to co-operate with the secure module,    wherein-   the control unit is further configured to detect a radio frequency    field and, in response to the detection of the radio frequency    field, to pass, to the secure module, control of establishing a near    field connection through the communication unit.

According to a second aspect of the invention there is provided a securemodule, comprising

-   a control unit configured to assume control of establishing a near    field connection, wherein-   the control unit is further configured to provide, in the course of    the near field connection establishment, a set of capabilities    comprising near field communication capabilities of the secure    module and near field communication capabilities of an apparatus    hosting the secure module.

According to a third aspect of the invention there is provided a methodfor use in an apparatus capable of near field communications and capableof hosting a secure module, the method comprising

-   detecting a radio frequency field; and-   in response to the detection of the radio frequency field, passing    control of establishing a near field connection to the secure    module.

In an embodiment of the invention the method may further compriselistening to data exchange relating to the near field connectionestablishment.

Further the method may comprise

-   identifying an indication of a connection attempt addressed to    functionality of said apparatus in said data exchange relating to    the near field connection establishment; and in response to    identifying such indication-   intercepting the near field connection establishment in the secure    element; and-   continuing with the near filed connection establishment.

Alternatively or additionally the method may further comprise

-   identifying an indication of a connection attempt addressed to    functionality of the secure module in said data exchange relating to    the near field connection establishment, and-   allowing the secure module to continue with the near field    connection establishment in response to identifying such indication.

In an embodiment of the invention the passing of control to a securemodule is conducted by activating the secure module. Prior to passingcontrol to the secure module, it may be checked, whether the apparatusis in such state that the secure module may be activated.

According to a fourth aspect of the invention there is provided a methodfor use in a secure module, the method comprising

-   assuming control of establishing a near field connection, and-   providing, in the course of the near field connection establishment,    a set of capabilities comprising near field communication    capabilities of the secure module and near field communication    capabilities of an apparatus hosting the secure module.

According to a fifth aspect of the invention there is provided a signalfor providing near field communication capabilities, comprising nearfield communication capabilities of a secure module and near fieldcommunication capabilities of an apparatus hosting the secure module.

According to a sixth aspect of the invention there is provided acomputer program stored in a computer readable medium, the computerprogram comprising computer executable program code adapted to cause anapparatus to perform the method of claim 10.

According to a seventh aspect of the invention there is provided acomputer program stored in a computer readable medium, the computerprogram comprising computer executable program code adapted to cause anapparatus to perform the method of claim 16.

The computer programs of the sixth and seventh aspects may consist ofprogram code executable by any one of the following: a multipurposeprocessor; a microprocessor; an application specific integrated circuit;a digital signal processor; and a master control processor.

According to an eighth aspect of the invention there is provided acontrol unit for use in an apparatus comprising near field communicationcapabilities, wherein the control unit is configured

-   to co-operate with a secure module,-   to detect a radio frequency field, and-   in response to the detection of the radio frequency field, to pass,    to the secure module, control of establishing a near field    connection through the near field communication capabilities of said    apparatus.

The control unit of the eighth aspect may be implemented for example ona chipset.

According to a ninth aspect of the invention there is provided achipset, comprising

-   a communication unit capable of near field communications, and-   a control unit configured to co-operate with a secure module,    wherein-   the control unit is further configured to detect a radio frequency    field and, in response to the detection of the radio frequency    field, to pass, to the secure module, control of establishing a near    field connection through the communication unit.

According to a tenth aspect of the invention there is provided anapparatus capable of near field communications and capable of hosting asecure module, the apparatus comprising

-   means for detecting a radio frequency field; and-   means for passing control of establishing a near field connection to    the secure module in response to the detection of the radio    frequency field.

According to a eleventh aspect of the invention there is provided asecure module comprising

-   means for assuming control of establishing a near field connection,    and-   means for providing, in the course of the near field connection    establishment, a set of capabilities comprising near field    communication capabilities of the secure module and near field    communication capabilities of an apparatus hosting the secure    module.

Various embodiments of the present invention have been illustrated onlywith reference to certain aspects of the invention. It should beappreciated that corresponding embodiments may apply to other aspects aswell.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described, by way of example only, with referenceto the accompanying drawings, in which:

FIG. 1A shows a flow diagram of a method for use in a communicationapparatus according to an embodiment of the invention;

FIG. 1B shows a flow diagram of a method for use in a secure moduleaccording to an embodiment of the invention;

FIG. 2 shows a messaging diagram according to an embodiment of theinvention;

FIG. 3 shows a messaging diagram according to another embodiment of theinvention;

FIG. 4 shows a messaging diagram according to yet another embodiment ofthe invention;

FIG. 5 shows a messaging diagram according to yet another embodiment ofthe invention;

FIG. 6A-6B show a communication capability message according to anembodiment of the invention, and

FIG. 7 shows a block diagram of an apparatus according to an embodimentof the invention.

DETAILED SPECIFICATION

In the description below, like reference numbers are used to denote likeparts.

The term communication apparatus or mobile station used in thisdescription refers in general to any device capable of hosting nearfield communication equipment. Such device may be for example a GSM(Global System for Mobile communication) terminal, a 3G(third-generation) terminal, a UMTS (Universal Mobile TelecommunicationsService) terminal, a WCDMA (Wideband Code-Division Multiple Access)terminal or a terminal using WLAN (Wireless Local Area Network) forradio communications. Additionally such device may be a general purposecomputer, a laptop computer or some other computing device. Typicallysuch device is handheld or otherwise easily movable.

The term mobile control unit, microcontroller unit, control unit orprocessor used in this description refers in general to any computingequipment capable of processing information according to predefinedinstructions. It should be appreciated that even though one of the termsis used in connection with a particular embodiment of the invention,also other processing or computing equipment may be applicable in suchembodiment.

FIG. 1A shows a flow diagram of a method for use in a communicationapparatus according to an embodiment of the invention.

In step 101 the communication apparatus detects a radio frequency field.In response to the detection of the radio frequency field, control ofestablishing a near field connection is passed to a secure module instep 102. Passing the control to the secure module may mean that thecommunication apparatus simply turns on power for the secure module. Ifnecessary, also some more complicated activation procedure may howeverbe conducted. Then the communication apparatus proceeds to listeningdata exchange relating to the near field connection establishment instep 103.

In an embodiment of the invention the step 102 may further comprisechecking, prior to passing control to the secure module, whether thecommunication apparatus is in such state that the secure module may beturned on or activated. If the communication apparatus is not in suchstate, it may be decided that the procedure does not proceed to passingthe control to the secure module. Instead, for example a control unit ofthe communication apparatus may assume control of the near fieldconnection establishment in such case.

In step 104 the communication apparatus monitors whether the near fieldconnection attempt is intended to functionality of the secure module orto functionality of the communication apparatus. If the connection isintended for the secure module, the procedure proceeds to step 105 andthe communication apparatus allows the secure module to continue withthe near field connection establishment. That is, the communicationapparatus does not necessarily do anything concrete in step 105. If thecommunication apparatus notices in step 104 that the connection isintended for the communication apparatus, the procedure proceeds to step106 and the communication apparatus intercepts the near field connectionestablishment in the secure element and continues itself with the nearfiled connection establishment in step 107.

FIG. 1B shows a flow diagram of a method for use in a secure moduleaccording to an embodiment of the invention.

First the secure module is activated in step 111. For example somecontrol of an apparatus hosting the secure module switches on power forthe secure module. Also some more complicated activation procedure maybe conducted if needed. The secure module then assumes control ofestablishing a near field connection. In step 112, the secure moduleinitiates near field connection establishment for example by respondingto messages relating to secure module detection procedure. Then in step113, the secure module provides to an external party a set ofcapabilities comprising near field communication capabilities of thesecure module and near field communication capabilities of the apparatushosting the secure module. After this the secure module may eithercontinue with the near field connection or be intercepted by theapparatus hosting it (not shown in FIG. 1B).

It should be appreciated that the phases illustrated in FIGS. 1A and 1Bmay be conducted out of order and repeated as many times as necessary.

FIG. 2 shows a messaging diagram according to an embodiment of theinvention. The shown example illustrates the situation where an externalparty wishes to communicate with a secure module hosted in some suitableapparatus, which may be for example a mobile phone or some othercommunication apparatus or handheld device.

First, a radio frequency field 2-1 of an external device reaches a MCUof the apparatus hosting the secure module. This may mean simply that RFfield of the external device is always on and the apparatus is placed inproximity of the external device. The MCU detects that the radio fieldis on and activates 2-2 the secure module hosted in the apparatus. Thesecure module assumes responsibility of near field connectionestablishment. The external device and the secure module conduct securemodule detection 2-3, which may comprise exchange of various messagesdepending on the used communication protocols. The MCU remains inactivebut listens to the data exchange between the secure module and theexternal device.

In the course of near field connection establishment the secure moduleprovides to the external device communication capabilities 2-4comprising indication of near field communication capabilities of thesecure module and of the MCU. On the basis of the communicationcapabilities 2-4 the external device sees that the higher level protocolit is using is supported and requests handshake 2-5 according to thatprotocol. In phase 2-6 the MCU notices on the basis of the handshakerequest that the near field connection is intended for the securemodule. Thus the MCU continues to remain inactive and allows the securemodule to continue to respond 2-7 to the handshake request.

FIG. 3 shows a messaging diagram according to another embodiment of theinvention. The shown example illustrates the situation where an externalparty wishes to communicate with the apparatus hosting a secure moduleand not with the secure module. Until message 2-4 the messaging is equalto the messaging of FIG. 2. But now the external device sends a requestfor handshake 3-5, which is intended for the MCU. The MCU sees this inphase 3-6, deactivates 3-7 the secure module, and responds 3-8 to thehandshake request.

FIG. 4 shows a messaging diagram according to yet another embodiment ofthe invention. This example illustrates details of the example of FIG. 2in case the protocol of ISO 14443 standard and NFCIP-1 protocol ofECMA-340 standard are used. The messages relating to secure devicedetection and informing of communication capabilities are the same inboth standards, but the messages have different names. Herein names ofmessages according to both standards are used.

Like in FIG. 2, first a radio frequency field 2-1 of an external devicereaches MCU of an apparatus hosting a secure module. The MCU detectsthat the radio field is on and activates 2-2 the secure module. Thesecure module assumes responsibility of near field connectionestablishment and the MCU remains inactive but listens to the dataexchange between the secure module and the external device.

The external device and the secure module conduct secure moduledetection by exchanging the following messages:

-   4-3: ISO 14443-3 REQA/ECMA-340 SENS_REQ-   4-4: ISO 14443-3 ATQA/ECMA-340 SENS_RES-   4-5: ISO 14443-3 ANTICOLLISION/ECMA-340 SDD_REQ-   4-6: ISO 14443-3 UID/ECMA-340 NFCID1 CLn-   4-7: ISO 14443-3 SELECT/ECMA-340 SEL_REQ.

Then the secure module sends in 4-8: ISO 14443-3 SAK/ECMA-340 SEL_RESmessage an indication that near field communication according to ISO14443 and NFCIP-1 are supported. More specific examples of contents ofsuch message are discussed below in connection with FIGS. 6A and 6B. Nowthe external device is seeking to communicate with the secure moduleaccording to ISO 14443 standard and sends ISO 14443-4 RATS message 4-9.The MCU notices this in phase 4-10 and continues to remain inactive. Thesecure module responds to the RATS message with ISO 14443-4 ATS message4-11 and continues with the near field connection.

FIG. 5 shows a messaging diagram according to yet another embodiment ofthe invention. This example illustrates details of the example of FIG. 3in case the protocol of ISO 14443 standard and NFCIP-1 protocol ofECMA-340 standard are used. Until message 4-8 the messaging is equal tothe messaging of FIG. 4.

Like in FIG. 3 now the external device is seeking to communicate withthe MCU according to NFCIP-1 protocol and sends ECMA-340 ATR_REQ message5-9. The MCU notices this in phase 5-10 and deactivates 5-11 the securemodule. Additionally the MCU responds to the ATR_REQ message withECMA-340 ATR_RES message 5-12 and continues with the near fieldconnection.

It should be appreciated that some of the messages in FIGS. 4 and 5 maybe repeated as many times as necessary. For example, if there are morethan one RFID tags in a radio field, messages 4-5 and 4-6 relating toanticollision may be sent a plurality of times.

Some embodiments according to the present invention, in which anexternal device initially sees a secure module when attempting toestablish near field communication connection, offer the advantage thatsome contactless smartcard applications wherein the connectionestablishment procedure does not proceed to the higher level handshakemay be used. For example some applications, in which a secure module isused as a key for an electrical lock may be implemented such that thelock is opened, if the identification information received in message4-6 of FIG. 4 or 5 matches required access rights. Thus there isbasically no need to conduct the higher level handshake. Suchimplementation is based on that UID (or some other identificationinformation) of the secure module is generally tamperproof, and therebyaccess may be granted on the basis of the UID. UID of an MCU may howeverbe forged. Thus if initial handshake were conducted with the MCU, suchUID-based solution might not be reliable enough, but now that theinitial handshake is conducted with the secure module, such solution isavailable.

According to an embodiment of the invention communication capabilitiesare transmitted by a secure module in a one byte/eight bits long messageaccompanied with a possible checksum. This solution is compatible forexample with near field communication specifications of ISO 14443,Mifare and NFCIP-1 protocol (of EMCA-340 standard). FIG. 6A-6B show twoexamples of a communication capability message according to suchembodiment of the invention.

FIG. 6A shows an example message 600 indicating capability ofcommunicating according to ISO 14443, Mifare and NFCIP-1. Bits 4 and 5indicate capability of Mifare communications, bit 6 indicates capabilityof ISO 14443 communications and bit 7 indicates capability of NFCIP-1communications. Now value of all bits 4-7 is one and thus an externalparty sees that all three protocols are supported.

FIG. 6B shows an example message 610 indicating capability ofcommunicating according to ISO 14443 and NFCIP-1 but not according toMifare. Here value of bits 6 and 7 is one and value of bits 4 and 5 iszero. Thus an external party sees that ISO 14443 and NFCIP-1 aresupported but Mifare is not.

It should be appreciated that the message formats of FIGS. 6A and 6B areonly illustrative examples and that various other possibilities areavailable.

FIG. 7 shows a block diagram of an apparatus 701 according to anembodiment of the invention.

The apparatus comprises a processor 702, which may be called for examplea central processing unit (CPU) or microcontroller unit (MCU), forcontrolling the apparatus. Coupled to the processor there is a memory703 comprising computer program code or software 704. The software 704may include instructions for the processor 702 to control the apparatussuch as an operating system and different applications. Further thesoftware 704 may comprise instructions for controlling the apparatus toprovide the functionality of the invention.

The apparatus 701 further comprises a secure module or element 707,which comprises a control unit 708, a memory 709 and software 710 storedin the memory. The software 710 may include instructions for the controlunit 708 to control the secure module such as an operating system anddifferent applications. Further the software 710 may compriseinstructions for controlling the secure module to provide thefunctionality of the invention. The memory may be tamperproof andthereby act as a secure storage area for storing different data in atamperproof environment on the secure module. The secure data maycomprise secure applications, private data, payment details or the like.In an embodiment, the secure module 707 is a smart card or chippermanently integrated, detachably attached or removably mounted intothe apparatus 701. In an embodiment, the apparatus comprises a smartcard slot (not shown) in which the secure module 707 can be fed. In anembodiment, the secure element 707 is a subscriber identity module(SIM).

The secure module 707 is connected to a power source 711 via a switch712. The processor 702 may control the switch 712 for activating ordeactivating the secure module 707.

The apparatus 701 further comprises a communication module 705 capableof near field communications. The communication module is connected toan antenna 706, which provides an air interface for data exchange withexternal devices. The communication module may be capable ofpeer-to-peer type of near field communications where both the apparatus701 and respective external party are active as well as near fieldcommunications where apparatus 701 acts as a passive party. Further thecommunication module may be capable of near field communications withpassive external devices. The communication module 705 is furtherconnected to the processor 702 and to the secure module 707. In anembodiment, the communication module 705 is an RFID communicationmodule. An external device, such as a point-of-sale terminal, acontactless reader or a mobile phone or other user device (not shown),may communicate with the secure module 707 or with the processor 702 viathe antenna 706 and the communication module 705.

The communication module may further comprise a switch (not shown) forswitching between an internal control connection between the securemodule 707 and the processor 702 and an external communicationconnection between the secure module and the communication module.

In an embodiment of the invention the processor 702 is configured tolisten or “eavesdrop” data that is transferred between the secure moduleand some external device via the communication module. The communicationmodule may be implemented such that, even though a communicationconnection between the communication module and the secure module isactive and a control connection between the processor and the securemodule is inactive, also the processor 702 may listen to the dataexchange.

In an embodiment of the invention the processor 702 is configured tolisten or “eavesdrop” data that is transferred from an external devicevia the communication module to the secure module. That is, the datatransferred from the secure module to the external device may beignored. In this case the communication module may be implemented suchthat it provides data that is conveyed to the secure module also to theprocessor 702.

In addition the apparatus 701 may comprise a user interface (not shown)for receiving user input and providing output to the user.

In an embodiment of the invention the communication module 705 isconfigured to filter radio frequency fields available via the antenna706 before allowing the processor 702 to see them such that theprocessor 702 may not see all available radio fields. In this way theprocessor does not need to react to all, possibly irrelevant radiofields.

In general, the various embodiments of the invention may be implementedin hardware or special purpose circuits, software, logic or anycombination thereof. For example, some aspects may be implemented inhardware, while other aspects may be implemented in firmware or softwarewhich may be executed by a controller, microprocessor or other computingdevice, although the invention is not limited thereto. While variousaspects of the invention may be illustrated and described as blockdiagrams, flow charts, or using some other pictorial representation, itis well understood that these blocks, apparatus, systems, techniques ormethods described herein may be implemented in, as non-limitingexamples, hardware, software, firmware, special purpose circuits orlogic, general purpose hardware or controller or other computingdevices, or some combination thereof.

Furthermore, embodiments of the invention may be practiced in variouscomponents such as integrated circuit modules. The design of integratedcircuits is a highly automated process. Complex and powerful softwaretools are available for converting a logic level design into asemiconductor circuit design ready to be etched and formed on asemiconductor substrate.

It should be appreciated that in this document, words comprise, includeand contain are each used as open-ended expressions with no intendedexclusivity.

The foregoing description has provided by way of non-limiting examplesof particular implementations and embodiments of the invention a fulland informative description of the best method and apparatus presentlycontemplated by the inventors for carrying out the invention. It ishowever clear to a person skilled in the art that the invention is notrestricted to details of the embodiments presented above, but that itcan be implemented in other embodiments using equivalent means withoutdeviating from the characteristics of the invention. It should beappreciated that in any disclosed method the order of specific methodsteps is only illustrative and not restricted to the disclosed example.Thereby the order of the steps can be varied according to implementationneeds.

Furthermore, some of the features of the above-disclosed embodiments ofthis invention could be used to advantage without the corresponding useof other features. As such, the foregoing description should beconsidered as merely illustrative of the principles of the presentinvention, and not in limitation thereof. The scope of the invention isonly restricted by the appended patent claims.

The invention claimed is:
 1. An apparatus, comprising: an interface to asecure module hosted by the apparatus; a communication unit configuredto provide a near field communications interface for communicating withexternal devices; a switch configured to activate and deactivate thesecure module hosted by the apparatus; and a control unit configured toco-operate with the secure module, wherein the control unit isconfigured to: activate, via the switch, establishment of a near fieldcommunication connection through the communication unit to the securemodule in response to the communication unit detecting an external radiofrequency field for establishment of a near field communicationconnection by an external device; and identify a near fieldcommunication connection attempt addressed to a functionality of saidapparatus instead of a near field communication connection attemptaddressed to a functionality of the secure module from the externaldevice.
 2. An apparatus according to claim 1, wherein the control unitis further configured to in response to identifying a near fieldcommunication connection attempt addressed to a functionality of theapparatus intercept the near field connection establishment in thesecure module; and continue with the near field connectionestablishment.
 3. An apparatus according to claim 1, wherein the controlunit is further configured to identify a near field communicationconnection attempt addressed to a functionality of the secure module insaid data exchange relating to the near field connection establishment,and to allow the secure module to continue with the near fieldconnection establishment in response to identifying such indication. 4.An apparatus according to claim 1, wherein the control unit isconfigured to check, prior to passing near field communicationconnection establishment to the secure module, whether the apparatus isin such state that the secure module may be activated.
 5. An apparatusaccording to claim 1, further comprising the secure module, wherein thesecure module is configured to provide, in the course of the near fieldconnection establishment, a set of capabilities comprising near fieldcommunication capabilities of the secure module and near fieldcommunication capabilities of said apparatus.
 6. An apparatus accordingto claim 1, wherein identifying a near field communication attemptcomprises listening to data exchange relating to the near fieldcommunication connection establishment between the secure module and theexternal device.
 7. A method, comprising: hosting a secure module in anapparatus; providing a near field communications interface forcommunicating with devices external to the apparatus; operating a switchto activate and deactivate the secure module hosted by the apparatus;activating, via the switch, establishment of a near field communicationconnection to the secure module in response to detecting an externalradio frequency field for establishment of a near field communicationconnection by an external device; and identifying a near fieldcommunication connection attempt addressed to a functionality of saidapparatus instead of a near field communication connection attemptaddressed to a functionality of the secure module from the externaldevice.
 8. A method according to claim 7, further comprising: inresponse to identifying a near field communication connection attemptaddressed to a functionality of the apparatus intercepting the nearfield connection establishment in the secure module; and continuing withthe near filed connection establishment.
 9. A method according to claim7, further comprising: identifying a near field communication connectionattempt addressed to functionality of the secure module in said dataexchange relating to the near field connection establishment, andallowing the secure module to continue with the near field connectionestablishment in response to identifying such indication.
 10. A methodaccording to claim 7, further comprising: checking, prior to passingnear field communication connection establishment to the secure module,whether the apparatus is in such state that the secure module may beactivated.
 11. A method according to claim 7, wherein identifying a nearfield communication attempt comprises listening to data exchangerelating to the near field communication connection establishmentbetween the secure module and the external device.
 12. A computerprogram comprising computer executable program code stored in anon-transitory computer readable medium, the computer programcomprising: computer executable program code configured to host a securemodule in an apparatus; computer executable program code configured toprovide a near field communications interface for communicating withdevices external to the apparatus; computer executable program codeconfigured to operate a switch to activate and deactivate the securemodule hosted by the apparatus; computer executable program codeconfigured to activate, via the switch, establishment of a near fieldcommunication connection to the secure module in response to detectingan external radio frequency field for establishment of a near fieldcommunication connection by an external device; and computer executableprogram code configured to identify a near field communicationconnection attempt addressed to a functionality of said apparatusinstead of a near field communication attempt addressed to afunctionality of the secure module from the external device.
 13. Acomputer program according to claim 12, the computer program codefurther comprising: computer executable program code configured to inresponse to identifying a near field communication connection attemptaddressed to a functionality of the apparatus intercept the near fieldconnection establishment in the secure module; and continue with thenear field connection establishment.
 14. A computer program according toclaim 12, the computer program further comprising: computer executableprogram code configured to identify a near field communicationconnection attempt addressed to functionality of the secure module insaid data exchange relating to the near field connection establishment,and allow the secure module to continue with the near field connectionestablishment in response to identifying such indication.
 15. A computerprogram according to claim 12, wherein identifying a near fieldcommunication attempt comprises listening to data exchange relating tothe near field communication connection establishment between the securemodule and the external device.
 16. A control unit for use in anapparatus comprising near field communication capabilities, wherein thecontrol unit is configured: to co-operate with a secure module; inresponse to detecting an external radio frequency field forestablishment of a near field communication connection by an externaldevice, to activate, via a switch, establishment of a near fieldcommunication connection through the near field communicationcapabilities of said apparatus to the secure module; and to identify anear field communication connection attempt addressed to a functionalityof said apparatus instead of a near field communication connectionattempt addressed to a functionality of the secure module from theexternal device.
 17. A control unit according to claim 16, wherein saidcontrol unit is implemented on a chipset.
 18. A control unit accordingto claim 16, wherein identifying a near field communication attemptcomprises listening to data exchange relating to the near fieldcommunication connection establishment between the secure module and theexternal device.
 19. A chipset, comprising: a communication unitconfigured to provide a near field communications interface forcommunicating with external devices; and a control unit configured toco-operate with a secure module, wherein the control unit is configuredto: activate, via a switch, establishment of a near field communicationconnection through the communication unit to the secure module inresponse to the communication unit detecting an external radio frequencyfield for establishment of a near field communication connection by anexternal device; and identify a near field communication connectionattempt addressed to a functionality of said apparatus instead of a nearfield communication connection attempt addressed to a functionality ofthe secure module from the external device.
 20. A chipset according toclaim 19, wherein identifying a near field communication attemptcomprises listening to data exchange relating to the near fieldcommunication connection establishment between the secure module and theexternal device.